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REAL PARTY IN INTEREST 

The real party in interest is AT&T, Corp. 

RELATED APPEALS AND INTERFERENCES 

The Appellants know of no related appeals or interferences that might directly 
affect or be directly affected by or have bearing on the Board's decision in the pending 
appeal. 

STATUS OF CLAIMS 

Claims 1-11 are pending in the application. Claims 1-11 were originally 
presented in the application. Claims 1-11 stand rejected in view of the references as 
discussed below. The rejection of claims 1-11 based on the cited references is 
appealed. The pending claims are shown in the attached Appendix. 

STATUS OF AMENDMENTS 

Claims 1-11 were originally filed on December 5, 2001. Amendments to the 
claims were submitted in the response to the Office Action dated February 7, 2005 filed 
on May 9, 2005 and the response to the Final Office Action dated July 29, 2005 filed on 
September 29, 2005. No amendments to the claims, in this application, were submitted 
subsequent to final rejection. The Appellants are appealing the claims as they read at 
the time the final rejection dated January 18, 2007 was issued. These claims are 
shown in the attached Appendix. 

SUMMARY OF CLAIMED SUBJECT MATTER 

The present invention provides for a security mechanism (10) and method for 
enabling a user to commence a session between a network peripheral device (12) and 
a network (14). In an exemplary embodiment of claim 1, the security mechanism (10) 
comprises an immutable memory element (18) that contains first information including 
application software that initiates and provides security services (See e.g., Appellants' 
specification, paragraph [001 1]), a persistent memory element (24) that contains second 



PACE 6/29 • RCVD AT 7/18/2007 8:56:23 PM [Eastern Daylight Time] • EVR:USPTO-EFXRF-1/10 • DNIS:2738300 * C8ID:732 330 9808 * DURATION <mm-ss):1 1-44 



07/18/2007 20:58 FAX 732 530 9808 



PATTERSON & SHERIDAN -> PTO 



ID007/029 



BRIEF ON APPEAL 
Serial No. 10/005,113 
Page 3 of 25 

information to enable the security mechanism to configure the network peripheral device 
to access different networks (See e.g., Appellants' specification, paragraph [0013]), a 
volatile memory element (26) that contains third information, including the critical data 
for authentication, said third information erased from the volatile memory at the 
completion of each connection session (See e.g., Appellants' specification, paragraph 
[0014]) and a tamper-evident enclosure (32) for enclosing the memory elements (See 
e.g., Appellants' specification, paragraph [0015]). 

In an exemplary embodiment of claim 10, the method comprises accessing an 
immutable memory element (18) that contains first information that provides security 
services. (See e.g., Appellants' specification, paragraph [0011].) Then the method 
accesses a persistent memory element (24) that contains second information including 
configuration information to enable the security mechanism to configure the network 
peripheral device to access the network. (See e.g., Appellants' specification, paragraph 
[0013].) Subsequently, the method accesses a volatile memory element (26) that 
contains third information, including critical data for authentication. (See e.g., 
Appellants' specification, paragraph [0014].) The method concludes by erasing said 
third information not later than the end of the connection session so no third information 
remains in the volatile memory between sessions. (See Id.) 

In one embodiment, Appellants' invention teaches the novel concept of a security 
mechanism for enabling a user to commence a session between a network peripheral 
device and a network. For example, a volatile memory element that contains critical 
data for authentication is erased from the volatile memory at the completion of each 
connection session. Appellants' invention advantageously allows a device to be 
configured to access any network and the corresponding network's software (see e.g., 
Appellants' Specification, paragraphs [0006], and [0013]). In other words, the same 
device, e.g., a laptop, can be connected to various networks. Once the session is 
completed with the device, all of the information in the volatile memory element is 
erased, thereby preventing re-use of such information by unauthorized users. (See 
e.g., Appellants' Specification, paragraph [0006].) 



PAGE 7/29 * RCVO AT 7/1 8/2007 8:56:25 PM [Eastern Daylight Time] * SVR:USPTO-E PXRF-1/1 0 * DNIS: 2738300 * CSID: 732 530 9808 * DURATION (mm-ss): 1 1-44 



07/18/2007 20:59 FAX 732 530 9808 



PATTERSON & SHERIDAN - PTO 



12008/029 



BRIEF ON APPEAL 
Serial No. 10/005,113 
Page 4 of 25 

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

Claims 1-11 stand rejected under 35 U.S.C. §1 03(a) as being obvious over 
Sherer, et al. (US Patent 6,115,376, issued September 5, 2000, hereinafter referred to 
as "Sherer") in view of Jones, et al. (US Patent 5,623,637, issued April 22, 1997, 
hereinafter referred to as "Jones"). 

ARGUMENT 

1. Claim 1 

Claim 1 stands rejected under 35 U.S.C. § 103 as being unpatentable over 
Sherer in view of Jones. Appellants respectfully traverse the rejection. 

Sherer teaches medium access control address authentication. A network 
Interface card on an end station used in accordance with the invention is disclosed. 
(See Sherer, col. 5, II. 32-67.) Notably, the network interface card contains only a single 
memory module 46. (See Id., emphasis added.) 

Jones teaches an encrypted data storage card including smartcard integrated 
circuit for storing an access password and encryption keys. A user in possession of the 
card enters a password stored in the card's memory. (See Jones, col. 8, II. 47-67.) If 
the password is correct, the user has access to needed access codes stored in the 
password-protected card. (See Jones, col. 9, II. 1-21.) 

The Board's attention is directed to the fact that Sherer and Jones, alone or in 
any permissible combination, fail to teach, show or suggest a security mechanism for 
enabling a user to commence a session between a network peripheral device and a 
network comprising a volatile m emory element that contains third information, including 
the critical data for a uthentication, said third information erased from the volatile 
memory at the com pletion of each connection session, as positively claimed by 
Appellants' independent claim 1. Specifically, Appellants' independent claim 1 recites: 

1 . A security mechanism for enabling a user to commence a session 
between a network peripheral device and a network, comprising: 

an immutable memory element that contains first information including 
application software that initiates and provides security services; 

a persistent memory element that contains second information to enable 
the security mechanism to configure the network peripheral device to access 
different networks; 
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a volatile memory element that contains third information, including the 
critical data for authentication, said third information erased from the volatile 
memory at the completion of each connection sessiop - and 

a tamper-evident enclosure for enclosing the memory elements. 
(Emphasis Added) 

Appellants' invention teaches the novel concept of a security mechanism for 
enabling a user to commence a session between a network peripheral device and a 
network comprising a volatile me mory element that contains third information, including 
the critical data for a uthentication, said third information erased from the volatile 
memory at the completion of each connection session . Appellants' invention 
advantageously allows a device to be configured to access any network and the 
corresponding network's software (See e.g., Appellants' Specification, paragraphs 
[0006]; and [0013]). In other words, the same device, e.g., a laptop, can be connected 
to various networks. Once the session is completed all of the information in the volatile 
memory element is erased, thereby preventing re-use of such information by 
unauthorized users. (See e.g., Appellants' Specification, paragraph [0006].) 

The alleged combination (as taught by Sherer) fails to teach, show or suggest a 
security mechanism or method for enabling a user to commence a session between a 
network peripheral device and a network comprising a immutable memory element , a 
persistent memory element and a volatile memory element that contains third 
Information, including the critical da ta for authentication, said third information erased 
from the volatile mem ory at the completion of each connection session, as positively 
claimed by Appellants' independent claim 1. First, unlike the Appellants' invention that 
teaches three separate types of memory elements (i.e. immutable memory element, 
persistent memory element and volatile memory element), Sherer only teaches that the 
network interface card contains a single memory element 46. (See Sherer, column 5, 
lines 32-67, FIG. 3, emphasis added.) 

However, the Examiner asserts in the Final Office Action and reiterates in the 
Advisory Action dated May 4, 2007 (hereinafter "Advisory Action"), that the number of 
memory modules does not determine patentability. (See Final Office Action, page 2, 
lines 6-13.) Moreover, the Examiner alleges that such limitation would have been 
obvious because Sherer does explicitly show a program memory module subdivided 
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into multiple segments or modules in FIG. 3. (See Id.) However, the Appellants* 
argument, as clarified, is that using three different types of memory elements is clearly 
patentable and not obvious. For example, it is the Appellants' novel combination of 
usin 9 three different types of memory elements, where each of the memory elements is 
carrying a different type of information, that contributes to the Appellants' novel method 
for facilitating a secure connection session with a user between a network peripheral 
device and a network. As discussed above, using three different types of memory 
elements allows all of the information in the volatile memory element to be erased, 
thereby preventing re-use of such information by unauthorized users. (See Appellants' 
Specification, paragraph [0006].) 

Moreover, as conceded by the Examiner, Sherer fails to teach or to suggest a 
volatile memory elem ent that contains third information, including the critical data for 
authentication, said third informa tion erased from the volatile memory at the completion 
of each connection session. (See Final Office Action, page 4, lines 1-2.) However, the 
Examiner alleges that Jones bridges the substantial gap left by Sherer. 

The Appellants respectfully submit that Jones fails to bridge the substantial gap 
left by Sherer because Jones also fails to teach, show or suggest a security mechanism 
or method for enabling a user to commence a session between a network peripheral 
device and a network comprising a volatile memory element that contains third 
information, includin g the critical data for authentication, said third information erased 
from the volatile m emory at the completion of each connection session , as positively 
claimed by Appellants' independent claim 1. In fact, Jones teaches awav from the 
Appellants' invention because Jones clearly teaches that critical information is stored in 
the card's memory and fails to teach that this information is erased from the volatile 
memory at the comp letion of each connection session . (See Jones, column 8, lines 47- 
67; column 9, lines 1-21.) Jones specifically teaches that a user supplies a secret 
password that is written into the smart card I.e. memory . (See Jones, column 8, lines 
6-9, emphasis added.) Jones further teaches that ". . . whose processor (i.e. the smart 
card) is programmed to combine the random number 303 at 325 with the previously 
stored secret password 301 to form a result value at 327." (See Jones, column 8, lines 
21-24, emphasis added.) 
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Furthermore, the Examiner conceded that Sherer does not expressly disclose 
third information erased from the volatile memory at the completion of each session. 
The Examiner then alleged that Sherer suggests using different authentication 
schemes. Finally, the Examiner then leaps from this alleged suggestion of using 
different authentication schemes to make obvious the teaching of deleting session keys 
after the completion of a session. It is respectfully submitted that a general statement 
such as "using different authentication schemes" would not suggest erasing said third 
information from the vol atile memory at the completion of each connection session . The 
Examiner provided absolutely no support in the alleged combination of Sherer and 
Jones for this teaching. In fact, the Examiner is simply using impermissible hindsight. 

In rebuttal, the Examiner asserts in the Final Office Action and reiterates in the 
Advisory Action that the Appellants' arguments with respect the limitation of "erasing the 
information from the volatile memory at the completion of the session" ignores the fact 
that one-time passwords were conventional and well known by vaguely citing to Sherer 
in columns 5-6. (See Final Office Action, page 2, lines 14-20.) However, in doing so, 
the Examiner contradicts his own concession that Sherer does not expressly disclose 
such limitation. (See Id. at page 4, lines 1-2.) 

Regardless, Sherer does not support the Examiner's assertion or interpretation 
that one-time passwords make obvious the feature of erasing the third information 
(including critical data for authenti cation) form the volatile memory at the completion of 
the session. Sherer explicitly teaches storing critical data for authentication. (See 
Sherer, column 5, lines 62-67.) Sherer states "[i]n a preferred embodiment, the end 
station is prevented from reading the secret value stored in the network interface cards , 
such as by storing it in memory location that is not within the host system address 
space . . ." (See Id., emphasis added.) In addition, Sherer actually teaches awav from 
the Appellants' invention because Sherer explicitly teaches that the critical data for 
authentication, such as private key 52, is not contained in a volatile memory element, 
such as RAM 46. Therefore, Sherer and Jones, alone or in any permissible 
combination clearly fail to teach or suggest at least the limitation of a volatile memory 
element that contains t hird information, including the critical data for authentication, said 
third information erased from the volatile memory at the completion of each connection 
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session , as positively claimed by Appellants' independent claim 1. 

In rejecting claims under 35 U.S.C. §103, it is incumbent upon the Examiner to 
establish a factual basis to support the legal conclusion of obviousness. See In re Fine . 
837 F.2d 1071, 1073 f 5 USPQ2d 1596, 1598 (Fed. Cir. 1988). In so doing, the 
Examiner is expected to make the factual determinations set forth in Graham v. John 
Deere Co. . 383 U.S. 1, 17, 148 USPQ 459, 467 (1966), and to provide a reason why 
one having ordinary skill in the pertinent art would have been led to modify the prior art 
or to combine prior art references to arrive at the claimed invention. Such reason must 
stem from some teaching, suggestion or implication in the prior art as a whole or 
knowledge generally available to one having ordinary skill in the art. Uniroval. Inc. v. 
Rudkin-Wilev Corp. . 837 F.2d 1044, 1051, 5 USPQ2d 1434, 1438 (Fed. Cir.), cert, 
denied , 488 U.S. 825 (1988); Ashland Oil. Inc. v. Delta Resins & Refractories. Inc. . 776 
F.2d 281 293, 227 USPQ 657, 664 (Fed. Cir. 1985), cert. Denied . 475 U.S. 1017 
(1986): ACS Hosp. Svs.. Inc. v. Montefiore Hosp. 732 F.2d 1572, 1577, 221 USPQ 929, 
933 (Fed. Cir. 1984). These showings by the Examiner are an essential part of 
complying with the burden of presenting a prima facie case of obviousness. Note In re 
Oetiker , 977 F.2d 1443, 1445, 24 USPQ2d 1443, 1444 (Fed. Cir. 1992). It is 
respectfully submitted that the Examiner failed to present a prima facie case of 
obviousness. Consequently, the combination of Sherer and Jones clearly fails to render 
obvious Appellants' invention as recited in independent claim 1. Therefore, the 
Appellants respectfully submits that claim 1 fully satisfies the requirements of 35 U.S.C. 
§ 103 and is patentable thereunder. 

2. Claim 2 

Claim 2 stands rejected under 35 U.S.C. §103 as being unpatentable over 
Sherer in view of Jones. Appellants respectfully traverse the rejection. 

The Appellants submit that Sherer in view of Jones does not teach, show, or 
suggest all of the limitations of independent claim 1. Since Sherer in view of Jones 
does not render obvious Appellants' invention as recited in Appellants' independent 
claim 1, dependent claim 2 is also not rendered obvious since the claim depends 
directly from claim 1 and recites additional features of the present invention. Thus, 
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claim 2 should be deemed patentable for at least the reasons stated above with respect 
to independent claim 1. 

Secondly, the Appellants contend that Sherer in view of Jones does not teach the 
novel concept of a security mechanism for enabling a user to commence a session 
between a network peripheral device and a network comprising a volatile memory 
element t hat contains third information, including the critical data for authentication, said 
third information eras ed from the volatile memory at the completion of each connection 
session, as positively recited by the Appellants' independent claim 1, in combination 
with wherein the security services include authentication of the security mechanism 
itself and authentication of the user to the network upon receipt of identification 
information from the security mechanism and the user, respectively, as set forth in claim 

2. Performing authentication of the security mechanism itself and the authentication of 
the user provides added security. Thus, Sherer in view of Jones clearly fails to render 
obvious Appellants' dependent claim 2. Therefore, Appellants respectfully submit that 
claim 2 fully satisfies the requirements of 35 U.S.C. § 103 and is patentable thereunder. 

3. Claim 3 

Claim 3 stands rejected under 35 U.S.C. §103 as being unpatentable over 
Sherer in view of Jones. Appellants respectfully traverse the rejection. 

The Appellants submit that Sherer in view of Jones does not teach, show, or 
suggest all of the limitations of independent claim 1. Since Sherer in view of Jones 
does not render obvious Appellants' invention as recited in Appellants' independent 
claim 1, dependent claim 3 is also not rendered obvious since the claim depends 
directly from claim 1 and recites additional features of the present invention. Thus, 
claim 3 should be deemed patentable for at least the reasons stated above with respect 
to independent claim 1 . 

Secondly, the Appellants contend that Sherer in view of Jones does not teach the 
novel concept of a security mechanism for enabling a user to commence a session 
between a network peripheral device and a network comprising a volatile memory 
element that contains third information, including the critical data for authentication, said 
third infor mation erased from the volatile memory at the completion of each connection 
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session, as positively recited by the Appellants' independent claim 1, in combination 
with wherein the immutable memory contains a private key for encrypting the user and 
security mechanism identification information, as set forth in claim 3. This ensures that 
the private keys used by different network peripheral devices remain independent from 
each other and that the security device cannot be forced to use keys known to an 
attacker. (See e.g., Appellants' specification, para. [0011].) Thus, Sherer in view of 
Jones plearly fails to render obvious Appellants' dependent claim 3. Therefore, 
Appellants respectfully submit that claim 3 fully satisfies the requirements of 35 U.S.C. § 
103 and is patentable thereunder. 

4. Claim 4 

Claim 4 stands rejected under 35 U.S.C. §103 as being unpatentable over 
Sherer in view of Jones. Appellants respectfully traverse the rejection. 

The Appellants submit that Sherer in view of Jones does not teach, show, or 
suggest all of the limitations of independent claim 1. Since Sherer in view of Jones 
does not render obvious Appellants' invention as recited in Appellants' independent 
claim 1, dependent claim 4 is also not rendered obvious since the claim depends 
directly from claim 1 and recites additional features of the present invention. Thus, 
claim 4 should be deemed patentable for at least the reasons stated above with respect 
to independent claim 1. 

Secondly, the Appellants contend that Sherer in view of Jones does not teach the 
novel concept of a security mechanism for enabling a user to commence a session 
between a network peripheral device and a network comprising a volatile memory 
element that contains third informati on, including the critical data for authentication, said 
third information erased from the vola tile memory at the completion of each connection 
session, as positively recited by the Appellants' independent claim 1, in combination 
with wherein the immutable memory comprises a Read-Only Memory (ROM), as set 
forth in claim 4. (See e.g., Appellants' specification, para. [0011].) Thus, Sherer in view 
of Jones clearly fails to render obvious Appellants' dependent claim 4. Therefore, 
Appellants respectfully submit that claim 4 fully satisfies the requirements of 35 U.S.C. § 
103 and is patentable thereunder. 
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5. Claim 5 

Claim 5 stands rejected under 35 U.S.C. §103 as being unpatentable over 
Sherer in view of Jones. Appellants respectfully traverse the rejection. 

The Appellants submit that Sherer in view of Jones does not teach, show, or 
suggest all of the limitations of independent claim 1. Since Sherer in view of Jones 
does not render obvious Appellants' invention as recited in Appellants' independent 
claim 1, dependent claim 5 is also not rendered obvious since the claim depends 
indirectly from claim 1 and recites additional features of the present invention. Thus, 
claim 5 should be deemed patentable for at least the reasons stated above with respect 
to independent claim 1. 

Secondly, the Appellants contend that Sherer in view of Jones does not teach the 
novel concept of a security mechanism for enabling a user to commence a session 
between a network peripheral device and a network comprising a volatile memory 
element that contains third information, including the critical data for authentication, said 
third information erased from th e volatile memory at the completion of each connection 
session, as positively recited by the Appellants' independent claim 1, in combination 
with wherein the immutable memory further includes a Write-once ROM, as set forth in 
claim 5. (See, e.g., Appellants' specification, para. [0012].) 

The Examiner uses Official Notice alleging that it would have been obvious to 
use other types of memory in the device taught by Sherer simply because Sherer 
teaches using a single type of memory. (See Final Office Action, page 4, line 20 - page 
5, line 6.) The Examiner responds by citing to Jones column 5, lines 10-20 as support 
for the Official Notice. (See Advisory Action dated May 4, 2007, Continuation Sheet, 
second paragraph.) However, the Appellants respectfully submit that the passage cited 
by the Examiner to support the Official Notice only teaches the use of RAM, EEPROM 
and read-only memory. Jones does not teach or suggest the use of Write-Once ROM in 
combination with the other types of memory as claimed by the Appellants' dependent 
claim 5. Thus, Sherer in view of Jones clearly fails to render obvious Appellants' 
dependent claim 5. Therefore, Appellants respectfully submit that claim 5 fully satisfies 
the requirements of 35 U.S.C. § 103 and is patentable thereunder. 
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6. Claim 6 

Claim 6 stands rejected under 35 U.S.C. §103 as being unpatentable over 
Sherer in view of Jones. Appellants respectfully traverse the rejection. 

The Appellants submit that Sherer in view of Jones does not teach, show, or 
suggest all of the limitations of independent claim 1. Since Sherer in view of Jones 
does not render obvious Appellants' invention as recited in Appellants' independent 
claim 1, dependent claim 6 is also not rendered obvious since the claim depends 
directly from claim 1 and recites additional features of the present invention. Thus, 
claim 6 should be deemed patentable for at least the reasons stated above with respect 
to independent claim 1. 

Secondly, the Appellants contend that Sherer in view of Jones does not teach the 
novel concept of a security mechanism for enabling a user to commence a session 
between a network peripheral device and a network comprising a volatile memory 
element th at contains third information, including the critical data for authentication, said 
third information era sed from the volatile memory at the completion of each connection 
session, as positively recited by the Appellants' independent claim 1, in combination 
with wherein the persistent memory comprises at least one of one of a Complementary 
Metal Oxide Semiconductor Random Access Memory (CMOSRAM) and a 
Programmable Read Only Memory (PROM), as set forth in claim 6. Advantageously, 
the PROM stores configuration data that enables the security mechanism to facilitate a 
connection with different networks. (See, e.g., Appellants' specification, para. [0013].) 
Thus, Sherer in view of Jones clearly fails to render obvious Appellants' dependent 
claim 6. Therefore, Appellants respectfully submit that claim 6 fully satisfies the 
requirements of 35 U.S.C. § 103 and is patentable thereunder. 

7. Claim 7 

Claim 7 stands rejected under 35 U.S.C. §103 as being unpatentable over 
Sherer in view of Jones. Appellants respectfully traverse the rejection. 

The Appellants submit that Sherer in view of Jones does not teach, show, or 
suggest all of the limitations of independent claim 1. Since Sherer in view of Jones 
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does not render obvious Appellants' Invention as recited in Appellants' independent 
claim 1, dependent claim 7 is also not rendered obvious since the claim depends 
directly from claim 1 and recites additional features of the present invention. Thus, 
claim 7 should be deemed patentable for at least the reasons stated above with respect 
to independent claim 1. 

Secondly, the Appellants contend that Sherer in view of Jones does not teach the 
novel concept of a security mechanism for enabling a user to commence a session 
between a network peripheral device and a network comprising a volatile memory 
element that contains third information , including the critical data for authentication said 
third information erased from the volat ile memory at the completion of each connantinn 
session, as positively recited by the Appellants' independent claim 1, in combination 
with wherein the volatile memory comprises a random access memory, as set forth in 
claim 7. Advantageously, all data within the RAM may be erased and only remains for 
the duration of a session. (See e.g., Appellants' specification, para. [0014].) Thus, 
Sherer in view of Jones clearly fails to render obvious Appellants' dependent claim 7. 
Therefore, Appellants respectfully submit that claim 7 fully satisfies the requirements of 
35 U.S.C. § 103 and is patentable thereunder. 

8. Claim 8 

Claim 8 stands rejected under 35 U.S.C. §103 as being unpatentable over 
Sherer in view of Jones. Appellants respectfully traverse the rejection. 

The Appellants submit that Sherer in view of Jones does not teach, show, or 
suggest all of the limitations of independent claim 1. Since Sherer in view of Jones 
does not render obvious Appellants' invention as recited in Appellants' independent 
claim 1, dependent claim 8 is also not rendered obvious since the claim depends 
directly from claim 1 and recites additional features of the present invention. Thus, 
claim 8 should be deemed patentable for at least the reasons stated above with respect 
to independent claim 1 . 

Secondly, the Appellants contend that Sherer in view of Jones does not teach the 
novel concept of a security mechanism for enabling a user to commence a session 
between a network peripheral device and a network comprising a volatile memory 
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element t hat contains third information, including the critical data for authentication, said 
third information erased from the volatile memory at the completion of each connection 
session, as positively recited by the Appellants' independent claim 1, in combination 
with wherein the tamper evident enclosure readily exhibits any attempt to gain access 
there through to the memory elements enclosed therein, as set forth in claim 8. 
Advantageously, a user who inspects the tamper-evident enclosure can easily observe 
whether anyone has attempted to gain access to any of the Security ROM, Write-Once 
ROM, Configuration memory or volatile memory. (See e.g., Appellants' specification, 
para. [0015].) Thus, Sherer in view of Jones clearly fails to render obvious Appellants' 
dependent claim 8. Therefore, Appellants respectfully submit that claim 8 fully satisfies 
the requirements of 35 U.S.C. § 103 and is patentable thereunder. 

9. Claim 9 

Claim 9 stands rejected under 35 U.S.C. §103 as being unpatentable over 
Sherer in view of Jones. Appellants respectfully traverse the rejection. 

The Appellants submit that Sherer in view of Jones does not teach, show, or 
suggest all of the limitations of independent claim 1. Since Sherer in view of Jones 
does not render obvious Appellants' invention as recited in Appellants' independent 
claim 1, dependent claim 9 is also not rendered obvious since the claim depends 
directly from claim 1 and recites additional features of the present invention. Thus, 
claim 9 should be deemed patentable for at least the reasons stated above with respect 
to independent claim 1 . 

Secondly, the Appellants contend that Sherer in view of Jones does not teach the 
novel concept of a security mechanism for enabling a user to commence a session 
between a network peripheral device and a network comprising a volatile memory 
element that contains third information, including the critical data for authentication, said 
third information er ased from the volatile memory at the completion of each connection 
session, as positively recited by the Appellants' independent claim 1 , in combination 
with wherein the physical security of the security mechanism depends on the degree of 
tamper resistance of the enclosure, as set forth in claim 9. Thus, the effective level of 
the physical security may depend on the selection of the materials and fabrication 
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technology employed. (See e.g., Appellants' specification, para. [0015].) Thus, Sherer 
in view of Jones clearjy fails to render obvious Appellants' dependent claim 9. 
Therefore, Appellants respectfully submit that claim 9 fully satisfies the requirements of 
35 U.S.C. § 103 and is patentable thereunder. 

10. Claim 10 

Claim 10 stands rejected under 35 U.S.C. § 103 as being unpatentable over 
Sherer in view of Jones. Appellants respectfully traverse the rejection. 

Sherer teaches medium access control address authentication. A network 
interface card on an end station used in accordance with the invention is disclosed. 
(See Sherer, column 5, lines 32-67.) Notably, the network interface card contains only 
a single m emory module 46, (See Id., emphasis added.) 

Jones teaches an encrypted data storage card including smartcard integrated 
circuit for storing an access password and encryption keys. A user in possession of the 
card enters a password stored in the card's memory. (See Jones, column 8, lines 47- 
67.) If the password is correct, the user has access to needed access codes stored in 
the password-protected card. (See Jones, column 9, lines 1-21.) 

The Board's attention is directed to the fact that Sherer and Jones, alone or in 
any permissible combination, fail to teach, show or suggest a method for facilitating a 
secure connection session with a user between a network peripheral device and a 
network comprising erasing sai d third information not later than the end of the 
connection session s o no third information remains in the volatile memory between 
sessions, as positively claimed by Appellants' independent claim 10. Specifically, 
Appellants' independent claim 10 recites: 

10. A method for facilitating a secure connection session with a user between 
a network peripheral device and a network, comprising the steps of: 

accessing an immutable memory element that contains first information 
that provides security services; 

accessing a persistent memory element that contains second information 
including configuration information to enable the security mechanism to configure 
the network peripheral device to access a network; 

accessing a volatile memory element that contains third information, 
including the critical data for authentication; and 

erasing said third information not later than the end of the connection 
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session so no third information remains in the volatile memory between sessions . 
(Emphasis Added) 

In an exemplary embodiment, the Appellants' invention teaches the novel 
concept of a method for facilitating a secure connection session with a user between a 
network peripheral device and a network comprising erasing said third information not 
later than the end of the connection session so no third information remains in the 
volatile memory between sessions . Appellants' invention advantageously allows a 
device to be configured to access any network and the corresponding network's 
software (See e.g., Appellants' Specification, paragraphs [0006] and [0013]). In other 
words, the same device, e.g., a laptop, can be connected to various networks. Once 
the session is completed all of the information in the volatile memory element is erased, 
thereby preventing re-use of such information by unauthorized users. (See e.g., 
Appellants' Specification, paragraph [0006].) 

The alleged combination (as taught by Sherer) fails to teach, show or suggest a 
security mechanism or method for enabling a user to commence a session between a 
network peripheral device and a network comprising a immutable memory element , a 
persistent memory element and a volatile memory element that contains third 
information, including the critical data for authentication, said third information erased 
from the volatile memory at the completion of each connection session , as positively 
claimed by Appellants' independent claim 10. First unlike the Appellants' invention that 
teaches three separate types of memory elements (i.e. immutable memory element, 
persistent memory element and volatile memory element), Sherer only teaches that the 
network interface card contains a single memory element 46. (See Sherer, column 5, 
lines 32-67, FIG. 3, emphasis added.) 

However, the Examiner asserts in the Final Office Action and reiterates in the 
Advisory Action dated May 4, 2007 (hereinafter "Advisory Action"), that the number of 
memory modules does not determine patentability. (See Final Office Action, page 2, 
lines 6-13.) Moreover, the Examiner alleges that such limitation would have been 
obvious because Sherer does explicitly show a program memory module subdivided 
into multiple segments or modules in FIG. 3. (See Id,) However, the Appellants' 
argument, as clarified, is that using three different types of memory elements is clearly 
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patentable and not obvious. For example, it is the Appellants' novel combination of 
using three different types of memory elements, where each of the memory elements is 
carrying a different type of information, that contributes to the Appellants' novel method 
for facilitating a secure connection session with a user between a network peripheral 
device and a network. As discussed above, this allows all of the information in the 
volatile memory element to be erased, thereby preventing re-use of such information by 
unauthorized users. (See e.g., Appellants' Specification, paragraph [0006].) 

Moreover, as conceded by the Examiner, Sherer fails to teach or to suggest 
erasing said third inf ormation not later than the end of the connection session so no 
third information rema ins in the volatile memory between sessions . (See Final Office 
Action, page 4, lines 1-2.) However, the Examiner alleges that Jones bridges the 
substantial gap left by Sherer. 

The Appellants respectfully submit that Jones fails to bridge the substantial gap 
left by Sherer because Jones also fails to teach, show or suggest a security mechanism 
or method for enabling a user to commence a session between a network peripheral 
device and a network comprising erasing said third information not later than the end of 
the connection session so no t hird information remains in the volatile memory between 
sessions, as positively claimed by Appellants' independent claim 10. In fact, Jones 
teaches away from the Appellants' invention because Jones clearly teaches that critical 
information is stored i n the card's memory and fails to teach that this information is 
erased from the volatile memory at the completion of each connection session . (See 
Jones, column 8, lines 47-67; column 9, lines 1-21.) Jones specifically teaches that a 
user supplies a secret password that is written into the smart card I.C. memory . (See 
Jones, column 8, lines 6-9, emphasis added.) Jones further teaches that . . whose 
processor (i.e. the smart card) is programmed to combine the random number 303 at 
325 with the previously stored secret password 301 to form a result value at 327." (See 
Jones, column 8, lines 21-24, emphasis added.) 

Furthermore, the Examiner conceded that Sherer does not expressly disclose 
third information erased from the volatile memory at the completion of each session. 
The Examiner then alleged that Sherer suggests using different authentication 
schemes. Finally, the Examiner then leaps from this alleged suggestion of using 
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different authentication schemes to make obvious the teaching of deleting session keys 
after the completion of a session. It is respectfully submitted that a general statement 
such as "using different authentication schemes" would not suggest erasing said third 
information from the volatile memory at the completion of each connection session . The 
Examiner provided absolutely no support in the alleged combination of Sherer and 
Jones for this teaching. In fact, the Examiner Is simply using impermissible hindsight 

In rebuttal, the Examiner asserts in the Final Office Action and reiterates in the 
Advisory Action that the Appellants' arguments with respect the limitation of "erasing the 
information from the volatile memory at the completion of the session" ignores the fact 
that one-time passwords were conventional and well known by vaguely citing to Sherer 
in columns 5-6. (See Final Office Action, page 2, lines 14-20.) However, in doing so, 
the Examiner contradicts his own concession that Sherer does not expressly disclose 
such limitation. (See Id. at page 4, lines 1-2.) 

Regardless, Sherer does not support the Examiner's assertion or interpretation 
that one-time passwords make obvious the feature of erasing the third information 
(including critical data for authentication) form the volatile memory at the completion of 
the session . Sherer explicitly teaches storing critical data for authentication. (See 
Sherer, column 5, lines 62-67.) Sherer states a [i]n a preferred embodiment, the end 
station is prevented from reading the secret value stored in the network interface cards , 
such as by storing it in memory location that is not within the host system address 
space . . (See /d, emphasis added.) In addition, Sherer actually teaches away from 
the Appellants' invention because Sherer explicitly teaches that the critical data for 
authentication, such as private key 52, is not contained in a volatile memory element, 
such as RAM 46. Therefore, Sherer and Jones, alone or in any permissible 
combination clearly fail to teach or suggest at least the limitation of erasing said third 
information not later than the end of the connection session so no third information 
remains in the volatile memory between sessions , as positively claimed by Appellants* 
independent claim 10. 

In rejecting claims under 35 U.S.C. §103, it is incumbent upon the Examiner to 
establish a factual basis to support the legal conclusion of obviousness. See In re Fine . 
837 F.2d 1071, 1073, 5 USPQ2d 1596, 1598 (Fed. Cir. 1988). In so doing, the 
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Examiner is expected to make the factual determinations set forth in Graham v. John 
Deere Co., 383 U.S. 1, 17, 148 USPQ 459, 467 (1966), and to provide a reason why 
one having ordinary skill in the pertinent art would have been led to modify the prior art 
or to combine prior art references to arrive at the claimed invention. Such reason must 
stem from some teaching, suggestion or implication in the prior art as a whole or 
knowledge generally available to one having ordinary skill in the art. Uniroval. Inc. v. 
Rudkin-Wilev Com.. 837 F.2d 1044, 1051, 5 USPQ2d 1434, 1438 (Fed. Cir.), cert. 
denied, 488 U.S. 825 (1988); Ashland Oil. Inc. v. Delta Resins & Refractories. Inc. . 776 
F.2d 281 293, 227 USPQ 657, 664 (Fed. Cir. 1985), cert. Denied . 475 U.S. 1017 
(1986): ACS Hosd. Svs.. Inc. v. Montefiore Hosp. 732 F.2d 1572, 1577, 221 USPQ 929, 
933 (Fed. Cir. 1984). These showings by the Examiner are an essential part of 
complying with the burden of presenting a prima facie case of obviousness. Note In re 
Oetiker, 977 F.2d 1443, 1445, 24 USPQ2d 1443, 1444 (Fed. Cir. 1992). It is 
respectfully submitted that the Examiner failed to present a prima facie case of 
obviousness. Consequently, the combination of Sherer and Jones clearly fails to render 
obvious Appellants' invention as recited in independent claim 10. Therefore, the 
Appellants respectfully submits that claim 10 fully satisfies the requirements of 35 
U.S.C. § 1 03 and is patentable thereunder. 

11. Claim 1 1 

Claim 11 stands rejected under 35 U.S.C. §103 as being unpatentable over 
Sherer in view of Jones. Appellants respectfully traverse the rejection. 

The Appellants submit that Sherer in view of Jones does not teach, show, or 
suggest all of the limitations of independent claim 10. Since Sherer in view of Jones 
does not render obvious Appellants' invention as recited in Appellants' independent 
claim 10, dependent claim 11 is also not rendered obvious since the claim depends 
directly from claim 10 and recites additional features of the present invention. Thus, 
claim 11 should be deemed patentable for at least the reasons stated above with 
respect to independent claim 10. 

Secondly, the Appellants contend that Sherer in view of Jones does not teach the 
novel concept of a method for facilitating a secure connection session with a user 
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between a network peripheral device and a network comprising erasing said third 
information not later than the end of the connection session so no third information 
remains in the volatile memory between sessions , as positively recited by the 
Appellants' independent claim 10, in combination with wherein the security services 
include authentication of the security mechanism itself and authentication of the user to 
the network upon receipt of identification information from the security mechanism and 
the user, respectively, as set forth in claim 11. Performing authentication of the security 
mechanism itself and the authentication of the user provides added security. Thus, 
Sherer in view of Jones clearly fails to render obvious Appellants' dependent claim 11. 
Therefore, Appellants respectfully submit that claim 1 1 fully satisfies the requirements of 
35 U.S.C. § 103 and is patentable thereunder. 
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CONCLUSION 

For the reasons advanced above, the Appellants respectfully urge that the 
rejections of claims 1-11 as being unpatentable under 35 U.S.C. § 103 are Improper. 
Reversal of the rejections in this appeal is respectfully requested. If necessary, please 
charge any shortage in fees due in connection with the filing of this paper, including 
extension of time fees, to Deposit Account No. 20-0782/ATT/2001-0450, and please 
credit any excess fees to the above referenced deposit account. 



Respectfully submitted, 



July 18. 2007 




Attorney Reg. No. 39,400 
(732) 530-9404 



Patterson & Sheridan, LLP 

595 Shrewsbury Avenue 
Suite 100 

Shrewsbury, NJ 07702 
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CLAIMS APPENDIX 

1 . (Previously Presented) A security mechanism for enabling a user to commence a 
session between a network peripheral device and a network, comprising: 

an immutable memory element that contains first information including 
application software that initiates and provides security services; 

a persistent memory element that contains second information to enable the 
security mechanism to configure the network peripheral device to access different 
networks; 

a volatile memory element that contains third information, including the critical 
data for authentication, said third information erased from the volatile memory at the 
completion of each connection session; and 

a tamper-evident enclosure for enclosing the memory elements. 

2. (Previously presented) The security mechanism according to claim 1 wherein the 
security services include authentication of the security mechanism itself and 
authentication of the user to the network upon receipt of identification information from 
the security mechanism and the user, respectively. 

3. (Original) The security mechanism according to claim 1 wherein the immutable 
memory contains a private key for encrypting the user and security mechanism 
identification information. 

4. (Original) The security mechanism according to claim 1 wherein the immutable 
memory comprises a Read-Only Memory (ROM). 

5. (Original) The security mechanism according to claim 4 wherein the immutable 
memory further includes a Write-once ROM. 

6. (Previously presented) The security mechanism according to claim 1 wherein the 
persistent memory comprises at least one of one of a Complementary Metal Oxide 
Semiconductor Random Access Memory (CMOSRAM) and a Programmable Read Only 
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Memory (PROM). 

7. (Original) The security mechanism according to claim 1 wherein the volatile 
memory comprises a random access memory. 

8. (Original) The security mechanism according to claim 1 wherein the tamper 
evident enclosure readily exhibits any attempt to gain access there through to the 
memory elements enclosed therein. 

9. (Original) The security mechanism according to claim 1 wherein the physical 
security of the security mechanism depends on the degree of tamper resistance of the 
enclosure. 

1 0. (Previously Presented) A method for facilitating a secure connection session with 
a user between a network peripheral device and a network, comprising the steps of: 

accessing an immutable memory element that contains first information that 
provides security services; 

accessing a persistent memory element that contains second information 
including configuration information to enable the security mechanism to configure the 
network peripheral device to access the network; 

accessing a volatile memory element that contains third information, including 
critical data for authentication; and 

erasing said third information not later than the end of the connection session so 
no third information remains in the volatile memory between sessions. 

1 1 . (Original) The method according to claim 1 0 wherein the security services 
include authentication of the security mechanism itself and authentication of the user to 
the network upon receipt of identification information from the security mechanism and 
the user, respectively. 
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EVIDENCE APPENDIX 



None 



PAGE 29129 * RCVD AT 7/18/2007 8:56:25 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/10 " DNIS:2738300 * CSID:732 530 9808 * DURATION (mm-ss):1 1^4 



07/18?200"7 21:07 FAX 732 530 9808 



PATTERSON & SHERIDAN -> PTO 



31029/029 



BRIEF ON APPEAL 
Serial No. 10/005,113 
Page 25 of 25 

RELATED PROCEEDINGS APPENDIX 



None 
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